Skip to Main Content

HIPAA Enforcement Statistics

The Centers for Medicare & Medicaid Services (CMS), on behalf of HHS, has authority to investigate complaints of non-compliance related to all of the HIPAA regulations except the Security Rule and Privacy rules, which are enforced by the Office of Civil Rights (OCR).  The regulations for which CMS has enforcement authority include: the Transactions and Code Sets (TCS); the National Employer Identifier Number (EIN); the National Provider Identifier (NPI); and the Operating Rules (OPR).   

Please view below the summary report that reflects the type and number of complaints type CMS is investigating.